News

On Wednesday October 31, 2018 about 8AM until 10:40 AM the CS web server that serves the web.cs.ucdavis.edu/~ sites, plus other CS research web servers (truthsayer, theory, whitespace2010, architecture, bugswarm, american, geekonomics, etc) were down or incorrectly pointing to the CSIF web services.

Because this issue was caused by a DNS error, it may take some time for the fix to propagate around the worlds DNS.

This was caused by an error at the campus IT while moving the csiflabs.cs.ucdavis.edu web site to the College of Engineering servers.

If you have questions or concerns, please contact: support@cs.ucdavis.edu

There have been a few social engineering attacks via email that have slipped by our spam firewall and Google's security measures. Be on your guard!

The most common of these phishing attacks com from some trusted entity, such as Campus IT, or from a service used in academia, like Blackboard. The message might say you have a message, or it might say your password is going to expire, anything to get you to click and login with your campus credentials which are then stolen, along with any data associated with that password.

Don't click on links you are unsure of. Do not re-use passwords for multiple services. Use a two-factor authenticator when available.

The Systems Support Group (SSG) highly recommends turning on Google's 2-Step Verification to protect your Google account (Davismail). There are a few ways to authenticate using this service, including a very convenient code sent to your phone via text.

This two-factor authentication is an effective method for countering phishing attacks, as it adds an extra verification layer when logging into sensitive applications. It's a good idea to apply two-factor authentication on a service when you can.

The Computer Science Instructional Facility has a new set of home directories in the CSIF and old home directories have been archived.

The old home directories are still mounted on sp2.cs.ucdavis.edu as read-only. Please, only use sp2 to retrieve or backup your files from the old home directory.

If you want to move your files from the old home directory to your new home directory we suggest logging into a system in the CSIF, for example pc14.cs.ucdavis.edu and executing one of these 3 rsync commands below:

** WARNING **

If you have created a file on the new home directory that is named the same and in the same location as the file on the old home directory and you rsync that directory to the same place, it will over write the file on the new home directory.

** WARNING **

In the below commands, change "USERNAME" to your username in the CSIF.

If you want to copy a directory from your old home directory called "OLD_DIRECTORY" to your new directory use this command:

Please be on the lookout for a Google Docs phishing email. The email invites you to collaborate in a Google Doc with the click of a link.

"When you click the link, you go to Google’s real login page. The problem is that after you’ve entered your password there, you’re redirected to a malicious third-party site. (In my case, it would have been “googledocs.docscloud.info,” which is not a Google site.) This page asks you to grant it permission to access your email account.

If users don’t realize they’ve been redirected to a non-Google site, they inadvertently give hackers the ability to read their emails and send out emails on their behalf. Malicious software then accesses a user’s address book and sends out more phishing emails to all the victims, repeating the cycle."

What to do if you fall prey to the attack

Hopefully you read this article before you fell prey to the Google Docs phishing scam. But what should you do if you’re coming to this article after you’ve already clicked the link and granted permission to the malicious software?

It never hurts to change your password, but experts say that won’t help in this case. Rather, what you need to do is revoke the permissions you unknowingly gave the malicious app to your account. To do that, go to the Google app permission page and look for the app called “Google Docs” — it’s not the real Google Docs. Click on that app and then click “Remove.”

In the early months of 2017 the Systems Support Group (SSG) will collect information on all CS assets. This includes all devices purchased by CS that can connect to a network.

For all systems running the Windows or Mac OS, the SSG would like to install BigFix software. BigFix will deliver information regularly and accurately to our Asset Management Software.

If you have a Linux system or do not want us to install BigFix then we will collect the following information manually:

Serial Numbers

PI or Owner Name

PI or Owner Phone Number

PI or Owner Email

MAC Address

OS

NAM

Room number

Where your work data is stored

Backup Solution used

We will be using student staff to collect this information -- they will be contacting you soon to coordinate a meeting to discuss installing BigFix and tracking all CS assets you or your team is using.

Because MoobilenetX will be depreciated in the near future, the Computer Science department now advises eduroam* for wireless needs. Choose your OS from the Campus Wireless Access page, and then use the eduroam instructions.

eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community.

Having started in Europe, eduroam has gained momentum throughout the research and education community and is now available in 74 territories.

eduroam allows students, researchers and staff from participating institutions to obtain Internet connectivity across campus and when visiting other participating institutions by simply opening their laptop.

The appointment slots feature lets you set one period of time on your calendar, divided into available time slots for people to reserve. For instance, professors or staff can have their students reserve time during office hours each week. These appointment calendars can also be shared on the web.